This bug was fixed in the tagged releases
https://ubuntu.com/security/notices/USN-5329-1
General changelog:
* SECURITY UPDATE: Denial of service (LP: #1912091)
- debian/patches/CVE-2021-20193.patch: in read_header method in
src/list.c, change the return value to be the value of status
and break the execution, jumping to free next_long_name and
next_long_link before returning.
- CVE-2021-20193
** Also affects: tar (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: tar (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: tar (Ubuntu Xenial)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1912091
Title:
Memory Leak GNU Tar 1.33
Status in tar package in Ubuntu:
Fix Released
Status in tar source package in Trusty:
Fix Released
Status in tar source package in Xenial:
Fix Released
Status in tar source package in Bionic:
Fix Released
Status in tar source package in Focal:
Fix Released
Bug description:
An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak
in read_header() in list.c in the tar application. Occastionally, ASAN detects
an out of bounds memory read. Valgrind confirms the memory leak in the standard
tar tool installed by default. This degrades the availability of the tar tool,
and could potentially result in other memory-related issues.
Common Weakness Enumeration IDs for reference:
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-125: Out-of-bounds Read
Attached to this report is a PoC malcrafted file "1311745-out-
bounds.tar"
VALGRIND OUTPUT:
valgrind tar -xf 1311745-out-bounds.tar
==3776== Memcheck, a memory error detector
==3776== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3776== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==3776== Command: tar -xf output/1311745-out-bounds.tar
==3776==
tar: Unexpected EOF in archive
tar: Exiting with failure status due to previous errors
==3776==
==3776== HEAP SUMMARY:
==3776== in use at exit: 1,311,761 bytes in 2 blocks
==3776== total heap usage: 52 allocs, 50 frees, 1,349,212 bytes allocated
==3776==
==3776== LEAK SUMMARY:
==3776== definitely lost: 1,311,745 bytes in 1 blocks
...
NOTE: Version 1.30, 1.32, 1.33 were tested and confirmed to be
vulnerable.
lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04
apt-cache policy tar
tar:
Installed: 1.30+dfsg-7ubuntu0.20.04.1
Candidate: 1.30+dfsg-7ubuntu0.20.04.1
---
Carlos
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
